erbium | 08a9de61d04fdb77d46352f2bb8dd76e6d49fca2f7fe022a1c46c9bc239e5069 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08a9de61d04fdb77d46352f2bb8dd76e6d49fca2f7fe022a1c46c9bc239e5069
Size

2.7MB
Sample

221021-pwkepsbhc9
MD5

8ce707c2a326d2a9952c164a3cd4fe09
SHA1

37d4f031eda43e65fb0de5bfee832bab106f7e65
SHA256

08a9de61d04fdb77d46352f2bb8dd76e6d49fca2f7fe022a1c46c9bc239e5069
SHA512

971389f8eafc5aa83acd151c72f7fc622ce7ee44a9fb5f9d85a9e1727d594985ce97170926a8a8ef62a6987cc9ae30150d8180a0426e8ef93915016e58fdb87b
SSDEEP

49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYci2ek:P1Kqvv07noI7lOOYcm

Score

10^/10

erbium spyware stealer

Malware Config

Extracted

Family

erbium

C2

http://77.73.133.53/cloud/index.php

Targets

- Target
  
  08a9de61d04fdb77d46352f2bb8dd76e6d49fca2f7fe022a1c46c9bc239e5069
- Size
  
  2.7MB
- MD5
  
  8ce707c2a326d2a9952c164a3cd4fe09
- SHA1
  
  37d4f031eda43e65fb0de5bfee832bab106f7e65
- SHA256
  
  08a9de61d04fdb77d46352f2bb8dd76e6d49fca2f7fe022a1c46c9bc239e5069
- SHA512
  
  971389f8eafc5aa83acd151c72f7fc622ce7ee44a9fb5f9d85a9e1727d594985ce97170926a8a8ef62a6987cc9ae30150d8180a0426e8ef93915016e58fdb87b
- SSDEEP
  
  49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYci2ek:P1Kqvv07noI7lOOYcm
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2